How SIEM tools monitor your network - PowerPoint PPT Presentation

About This Presentation
Title:

How SIEM tools monitor your network

Description:

Leo TechnoSoft SIEM products help every enterprise with all security threats. Security information and event management software provides real-time visibility. – PowerPoint PPT presentation

Number of Views:39
Updated: 3 November 2017
Slides: 8
Provided by: hardiksoni
Category: Other


Transcript and Presenter's Notes

Title: How SIEM tools monitor your network


1
How SIEM tools monitor your network
  • Information theft is big business, and corporate
    information includes project deals and trade
    secrets. Hence, information management is a
    necessary component of any program.
  • That is where Security Information and Event
    Management (SIEM) monitoring comes into play.

2
What is SIEM?
  • Security Information and Event Management
    (SIEM) is a technology for cyber security that
    provides real-time analysis of security alerts
    generated by hardware as well as network
    applications.
  • SIEM monitoring supports earliest threat
    detection and fastest security incident response
    through the real-time collection and historical
    analysis of security events that are compiled
    from a broad variety of event and contextual data
    sources. SIEM tools also support compliance
    reporting and incident investigation via
    historical data analysis from the sources.

4
How SIEM works?
  • You may spend a lot of money buying a Security
    Information and Event Management (SIEM) product
    from your trustworthy SIEM vendors, but if you do
    not follow through and use the SIEM properly,
    SIEM monitoring functionality and SIEM tools will
    fail to protect your information.
  • SIEM tools look at your network through a
    larger lens than can be provided by a single
    security control or information source. For
    example:
  • The Asset Management functionality of SIEM monitoring
    oversees business processes, applications
    and administrative contacts.
  • A Network Intrusion Detection System (IDS) is a
    SIEM tool that only understands packets,
    protocols and IP addresses.
  • An Endpoint Security system is a functionality of
    SIEM monitoring that only sees files, usernames and
    hosts.
  • Service Logs of SIEM monitoring show database
    transactions, user sessions and configuration
    changes.
  • File Integrity Monitoring (FIM) systems are a SIEM
    tool that only sees the changes in files and registry
    settings.

5
SIEM Benefits
  • The benefits of SIEM monitoring are as follows:
  • Streamline compliance reporting
  • This is the most important benefit offered by
    SIEM tools. They streamline compliance
    reporting efforts through a centralized
    logging solution. Any host that needs to have the
    log of its security events included in the
    reporting can regularly transfer its log data to
    a SIEM server.
  • Detect incidents that would otherwise not be
    detected
  • Some incidents can be detected only by SIEM
    tools. This is because of two reasons. First,
    many hosts that log security events do not have
    built-in incident detection capabilities. Hence,
    they lack the ability to analyze the log entries
    and there is no guarantee of identifying signs of
    malicious activity.

6
  • The second reason for SIEMs' advanced detection
    capabilities is that they can correlate events
    across hosts. By gathering events from hosts
    across the enterprise, a SIEM tool can see
    attacks whose different parts are seen by
    different hosts. After that, it can reconstruct
    the series of events to determine what the nature
    of the attack was and whether or not it
    succeeded.
  • After SIEM tools examine the log data for all
    events, they can identify a device that, due to
    a malware infection, joined a botnet
    and started attacks against other hosts. They can
    also stop cyber attacks in progress.
  • On the detection of any activity involving known
    malicious hosts, SIEM tools can terminate the
    connections of those hosts. They can also disrupt
    interactions between malicious hosts and the
    organization's hosts in order to prevent an
    attack before it occurs.
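
The cross-host correlation described on this slide, as an added example that is not part of the original presentation or of any SIEM product: events from separate sources are normalized, grouped by the asset they concern, and matched against an ordered chain of stages inside a time window. The event fields, the `CHAIN` rule, the host names and all sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events, already normalized to (time, source, host, kind, detail).
# "host" is the internal asset the event concerns; every value here is made up.
RAW = [
    ("2017-11-03T10:00:05", "ids",      "ws-12", "inbound_alert",  "exploit signature from 203.0.113.9"),
    ("2017-11-03T10:00:40", "endpoint", "ws-12", "new_executable", "upd.exe written to user profile"),
    ("2017-11-03T10:02:10", "ids",      "ws-12", "outbound_scan",  "connections to 40 internal hosts"),
    ("2017-11-03T10:01:00", "endpoint", "ws-30", "new_executable", "putty.exe written to tools folder"),
    ("2017-11-03T09:00:00", "ids",      "db-01", "inbound_alert",  "exploit signature from 203.0.113.9"),
    ("2017-11-03T13:30:00", "service",  "db-01", "config_change",  "listener port changed"),
]

# Hypothetical rule: ordered stages of one attack, reported by different sources.
CHAIN = ["inbound_alert", "new_executable", "outbound_scan"]

def parse(raw):
    """Turn raw tuples into dicts sorted by time, as a collector would after ingestion."""
    return sorted(
        ({"time": datetime.fromisoformat(t), "source": s, "host": h, "kind": k, "detail": d}
         for t, s, h, k, d in raw),
        key=lambda e: e["time"])

def correlate(events, chain=CHAIN, window=timedelta(minutes=10)):
    """Return one incident per host whose events complete `chain` in order within `window`."""
    progress = {}    # host -> events matched so far
    incidents = []
    for ev in events:
        matched = progress.get(ev["host"], [])
        # A partial match older than the window is discarded.
        if matched and ev["time"] - matched[0]["time"] > window:
            matched = []
        if ev["kind"] == chain[len(matched)]:
            matched = matched + [ev]
        if len(matched) == len(chain):
            incidents.append({
                "host": ev["host"],
                "sources": sorted({e["source"] for e in matched}),
                "timeline": [(e["time"].isoformat(), e["kind"]) for e in matched]})
            matched = []
        progress[ev["host"]] = matched
    return incidents

def single_source_view(events, source):
    """What one control alone reports: its own events, with no cross-source context."""
    return [e for e in events if e["source"] == source]
```

On the sample data the endpoint source alone reports two new executables with nothing to tell them apart, while the correlated view raises a single incident for `ws-12` and leaves `ws-30` and `db-01` alone.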

7
Improve the efficiency of incident handling
activities
  • SIEM tools increase the efficiency of incident
    handling, which in turn saves time and resources
    for incident handlers. More efficient incident
    handling speeds up the process of incident
    containment. Hence, it reduces the amount of
    damage that many incidents cause. SIEM monitoring
    improves efficiency by providing a single
    interface for viewing all the security log data
    from many hosts.
  • To know more about the SIEM services offered by
    us and know about our other security services,
    contact us at enquiry_at_leosys.net or call us at
    407-965-5509. Allow us to be your SIEM vendor.